Lucene search

[email protected]CVE-2007-5178

HistoryOct 03, 2007 - 2:17 p.m.

CVE-2007-5178

2007-10-0314:17:00

CWE-94

[email protected]

web.nvd.nist.gov

113

cve-2007-5178

mx_glance

remote file inclusion

security vulnerability

php code execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.219 Low

EPSS

Percentile

96.5%

JSON

contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.

Affected configurations

NVD

Node

mxbbmx_glanceMatch2.3.3

CPENameOperatorVersion
mxbb:mx_glancemxbb mx glanceeq2.3.3

CPE	Name	Operator	Version
mxbb:mx_glance	mxbb mx glance	eq	2.3.3

References

osvdb.org/37400

secunia.com/advisories/27011

www.attrition.org/pipermail/vim/2007-October/001807.html

www.attrition.org/pipermail/vim/2007-October/001808.html

www.securityfocus.com/bid/25866

www.vupen.com/english/advisories/2007/3326

exchange.xforce.ibmcloud.com/vulnerabilities/36867

www.exploit-db.com/exploits/4470

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.219 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2007-5178

cvelist1 nvd1 prion1